
[FWDLK] Fw: US-CERT Cyber Security Alert SA06-117A -- Scripts in eBay Postings May Enable Phishing Attacks



Here's something I just received from the National Cyber Alert System regarding eBay - something many of us have already known. But I thought I'd pass it on anyway for safety's sake.
/s/ Bill
----- Original Message -----
From: "US-CERT Alerts" <alerts@xxxxxxxxxxx>
To: <alerts@xxxxxxxxxxx>
Sent: Thursday, April 27, 2006 12:48 PM
Subject: US-CERT Cyber Security Alert SA06-117A -- Scripts in eBay Postings May Enable Phishing Attacks







National Cyber Alert System

Cyber Security Alert SA06-117A


Scripts in eBay Postings May Enable Phishing Attacks


  Original release date: April 27, 2006
  Last revised: --
  Source: US-CERT


Systems Affected


    The eBay web site may contain pages that affect various web
    browsers.


Overview


    A vulnerability in the eBay web site may allow an attacker to steal
    personal information from eBay customers.


Solution


Verify the legitimacy of eBay web pages

    Attackers may use the vulnerability to perform a phishing attack.
    Make sure that the URL is accurate, and check the web site
    certificate to make sure that you are visiting an authentic eBay
    web page.


Description


    eBay allows users to incorporate a type of code, also known as
    scripting, into the auction descriptions on its web site. An
    attacker can use this code to modify pages on eBay's web site or
    redirect you to a malicious web page. These may appear to be
    legitimate eBay web pages that request personal information. Using
    these techniques, an attacker may be able to collect your
    passwords, credit card numbers, or other personal information.

    Please see US-CERT Vulnerability note VU#808921 for details and
    additional workarounds.


References


    * US-CERT Vulnerability Note VU#808921 -
      <http://www.kb.cert.org/vuls/id/808921>

    * Securing Your Web Browser -
      <http://www.us-cert.gov/reading_room/securing_browser/>

    * Avoiding Social Engineering and Phishing Attacks -
      <http://www.us-cert.gov/cas/tips/ST04-014.html>

    * Understanding Web Site Certificates -
      <http://www.us-cert.gov/cas/tips/ST05-010.html>

    * eBay's Spoof Email Tutorial -
      <http://pages.ebay.com/education/spooftutorial/spoof_3.html>

    * eBay Security Center -
      <http://pages.ebay.com/securitycenter>


____________________________________________________________________


The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/alerts/SA06-117A.html>
____________________________________________________________________

  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <cert@xxxxxxxx> with "SA06-117A Feedback VU#808921" in the
  subject.
____________________________________________________________________

  For instructions on subscribing to or unsubscribing from this
  mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Terms of use:

    <http://www.us-cert.gov/legal.html>
____________________________________________________________________


Revision History


Apr 27, 2006: Initial release




